With its large footprint consisting of 24 hospitals, 390 clinics, and a staff of over 37,000 spread across the three states of California, Oregon, and Hawaii, Adventist Health touches millions of lives through hospital admissions, emergency, clinic, outpatient, and home care visits. To achieve better outcomes, Adventist Health uses advanced technology that helps restore patient health and empowers physicians to deliver better care. To keep its more than 58,000 IoT devices, 70% of them healthcare-related, securely connected every day, Adventist Health runs a tight network based on Cisco Digital Network Architecture (Cisco DNA).
Ed Vanderpool, senior IT manager at Adventist Health, describes the setup: “We have a cluster of Cisco DNA Center installed in our central data center, and we use it to manage our entire network consisting of Cisco Catalyst 9000 family of switches and WiFi 6 capable wireless equipment. With Cisco DNA Center we have automated most of our day-to-day management functions and are able to maintain the performance levels our stakeholders expect.”
With the confidence that he has in Cisco DNA Center, he signed up to test out its new capability – AI endpoint analytics – with which he could verify the identity of each of those 58,000 devices, determine if they posed any threat, and take steps to protect the network if they did.
Industry: Healthcare | Region: Americas

• While the network perimeter was adequately protected by firewalls, there was a risk that security breaches could happen from the inside
• With a large footprint and user base it was very difficult to stop users from attaching their own potentially non-compliant devices, increasing risk
• Manually identifying, profiling, inventorying, and tracking 58,000 and growing devices on the network was practically impossible

• Cisco DNA
• Cisco Catalyst 9000 series of switches, access points, and wireless controllers
• Cisco DNA Advantage and Cisco ISE software licenses

• Identified a vast majority of the 58,000+ devices immediately, and the rest with a little admin input
• Uncovered potential security gaps by discovering unsupported endpoints
• Reduced 3-4 weeks of manual profiling work for a team of engineers to 3-4 days
• Allowed local teams to control their own inventory
• Provided security teams additional insights to craft effective security policies

Preventing network infections
Discussing their security strategy, Ed said, “In the past, our focus was on stopping malware attacks from outside and we built firewall barriers at our network perimeter. What we are realizing now is that we need to pay as much attention to threat sources which may be lurking inside.”
Recounting a recent experience, Ed described how a doctor once inadvertently brought in one of their own patient monitoring devices and plugged it into the hospital network. That device happened to be infected and could have potentially spread malware. Luckily, Ed and his team were able to discover the infected device and stop it before it could do too much damage. “We learned from that experience, and now have a policy prohibiting such ad-hoc devices, but given our scale, we need help. That is why we chose AI endpoint analytics.”
“We signed up to test Cisco’s new AI endpoint analytics application as soon as it was available. Right away it exceeded our expectations by identifying a large majority of the 58,000 devices we have in our system. It is now a centerpiece of our security strategy and we are using the unprecedented visibility and insights endpoint analytics provides to keep our healthcare network secure and compliant with HIPAA regulations.”
– Ed Vanderpool, Senior IT Manager, Adventist Health
Quicker diagnosis for faster containment
Starting AI endpoint analytics was as easy as downloading and installing a new version of Cisco DNA Center. Right off the bat, it was able to scan, identify, and profile 75% of the endpoints. “And no, we didn’t have to manually add the remaining 15,000 or so endpoints,” laughed Ed. “We simply provided the system with some pointers which was enough for it to fill in the blanks and finish profiling the rest.” In its profiling, AI endpoint analytics used advanced AI/ML algorithms to search crowdsourced databases, obtain more granular information, and remove unknowns.
Speaking about the improvement he had seen with AI endpoint analytics, Ed mentioned that they had been able to identify fewer than 30% of the devices before it, and that they had expected to be able to identify perhaps 50% of the devices. AI endpoint analytics was a pleasant surprise to him and his team, since it was able to profile 75% of the endpoints. It was truly an aha moment: “Wow, we didn’t know we had all these out there!” In fact, Ed was able to find some devices that were discontinued and no longer supported by their manufacturers, and some whose manufacturers had gone out of business. If they hadn’t been found in time, these unsupported endpoints could have been exploited to inflict some real damage.
It pays to stay healthy
Reflecting on the time saved, Ed described how it might have taken a team of engineers 3 to 4 weeks working full time to categorize the devices and create an inventory. With AI endpoint analytics they were able to accomplish it all in just 3 to 4 days and with better accuracy. It certainly saved the engineers a lot of drudge work. The security teams, who are very stringent, were equally enthused. Instead of building their security policies from scratch, they were able to take the profiling provided by AI endpoint analytics and tweak it to put together their security framework. They had more information than ever, including fine details on each endpoint, where it was located, and how it connected to the network.
A workout for the network
Constant monitoring is important for Adventist Health to make sure no unauthorized endpoints are on the network at any time. Commenting on the role of AI endpoint analytics, Ed said, “This capability will give our local IT teams much more visibility into their system. They will be able to work with security teams closer as well. The teams will be able to notice any potential problem right away, be able to pinpoint the location, and rapidly take steps to rectify it.”
Moving towards a zero-trust model, Adventist Health is now taking steps to further secure their network by implementing the Cisco SD-Access solution. They see AI endpoint analytics as an enabling technology that will provide the much-needed endpoint visibility and grouping that will help define their segmentation policies. As they plot their network’s future, Adventist Health can rest easy that, thanks to their Cisco DNA Advantage software subscription, they will get the latest advances in Cisco DNA as soon as they are available.
Talking about how Cisco DNA Center continues to help IT, Ed remarked, “We view the Cisco DNA Center as the central point from which to control all network and security functions. In fact, we are writing an application that uses APIs that the Cisco DNA Center platform offers to customize it even more for our use.”
We can’t wait to return to Ed to learn how that project turned out!